\section*{2024-02-11}

\subsection*{11:40 python as a vm}
\emoji{parrot}: Let's talk about python as a VM.

\emoji{turtle} : First let's see a minimal python contract:

\begin{simplepy}
from typing import Any

def hi() -> str:
    return "hi"

\end{simplepy}

\emoji{parrot} : Okay, I think there're two things we should do:

\begin{enumerate}
\item Check that the there's nothing dangerous.
\item Parse the function definition, which includes each function's name and the
  name of their arguments.
\end{enumerate}

\emoji{turtle}: Yeah. These two steps are separate, and we discuss them one by one. But before that,
let's talk about the contract's structure.

A contract is just a python file, but with some restrictions. The content of the
file is divided into two parts.

\begin{enumerate}
\item the \cola{header}, where all the \texttt{import}'s are
\item the \cola{body}, where all the function definitions are
\end{enumerate}

\begin{center}
  \begin{tikzpicture}
    % \draw[style=help lines] (0,0) grid +(10,-5);
    \node[draw,rectangle,below right] (A) {
      \begin{minipage}{10cm}
\begin{simplepy}
from typing import Any
# --------------------------------------------------
def hi() -> str:
    return "hi"
      \end{simplepy}
    \end{minipage}
  };
  % \node[draw,rectangle,fill=\mycolaa,right of=header,xshift=3cm] (body) {body};
  \draw[latex-latex] ([shift={(0.5cm,0)}]A.north east) -- +(0,-2em) coordinate
  (B) node[midway,right,xshift=1em] {the header};
  \draw[latex-latex] ([shift={(0.5cm,0)}]A.south east) -- (B)
  node[midway,right,xshift=1em] {the body};
\end{tikzpicture}
\end{center}

The start of a \texttt{def} marks the end of the header.

In the header area, only \texttt{from ... import ...} is allowed, but star
import is not allowed.

And the allowed symbols currently are:
\begin{center}
  \begin{tblr}{|l|c|}
    \hline
    Symbol & {Description} \\
    \hline
    \texttt{math.*} & the standard math module \\
    \texttt{cmath.*} & the standard complex math module \\
    \texttt{typing.*} & the module for type hints \\
    \texttt{hashlib.*} & the module for hashing \\
    \texttt{hmac.*} & the module for hash-based message authentication code \\
    \hline
  \end{tblr}
\end{center}

\emoji{parrot} : I see. So the first step is to check the header. We need to
make sure that there's no dangerous import. And next we check the rest (the
body), right?

\emoji{turtle} : Yeah. 


\subsubsection*{Validity check}
\emoji{turtle} : The first step is to check that the contract is safe to run. We
check two things:

\begin{enumerate}
\item The header is safe
\item The body is safe
\end{enumerate}

For the header, we just need to check those imports.

For the body, we need to check that there's no ``dangerous statement''. In
particular, we wanna make sure that

\begin{enumerate}
\item there's no \texttt{import} statement
\item Some built-in functions are not allowed.
\end{enumerate}

\emoji{parrot} : Okay, so what are the built-in functions that are not allowed?

\emoji{turtle} : The built-in functions can be found at
\url{https://docs.python.org/3/library/functions.html}. But if we need all
``symbols'' in the default default namespace, we can use (Copilot told me):

\begin{simplepy}
import builtins

# Get a list of all built-in functions and variables
builtin_functions_and_variables = dir(builtins)

# Print them out
for name in builtin_functions_and_variables:
    print(name)
\end{simplepy}

Currently, the following
are considered dangerous|inappropriate and therefore not allowed

\begin{center}
  \begin{tblr}{|l|c|}
    \hline
    Function & {Description} \\
    \hline
    % \texttt{print} &  print to the standard output \\
    \texttt{\_\_import\_\_} &  import a module \\
    \texttt{breakpoint} &  enter the debugger \\
    \texttt{compile} &  compile a string into a code object \\
    \texttt{eval} &  evaluate a string as a python expression \\
    \texttt{execfile} & execute a file \\
    \texttt{exec} &  execute a string as a python statement \\
    \texttt{get\_ipython} &  get the current IPython instance \\
    \texttt{globals} &  return the global symbol table \\
    \texttt{memoryview} & create a memoryview object \\
    \texttt{help} &  get help on an object \\
    \texttt{id} & get the identity of an object, usually the memory address.
    This should be removed because the result is not predictable. \\
    \texttt{input} &  read a line from the standard input \\
    \texttt{open} &  open a file \\
    \texttt{quit / exit} &  exit the interpreter \\
    \texttt{runfile} &  run a file \\
    \texttt{vars} & return the \texttt{\_\_dict\_\_} attribute of an object \\
    \hline
  \end{tblr}
\end{center}



